Automating Reasoning with ATT&CK

Abstract

MITRE ATT&CK is made up of TTPs (Tactics, Techniques, Procedures). These are low-level descriptions of adversarial actions (e.g. T1193 Spearphishing Attachment, T1112 Modify Registry, T1056 Input Capture). The community is interested in using ATT&CK for detection, prediction, forensics, and threat hunting because it provides behavioral observables for detecting attacks. Our goal: characterize ATT&CK's structure and its usefulness for automated detection and related tasks, especially with respect to its APT dataset.


Document Details

Document Type
Technical Report
Publication Date
Jan 08, 2020
Accession Number
AD1088924

Entities

People

  • Jonathan M. Spring
  • Rawan Al-shaer

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Artificial Intelligence Computing
  • Case Studies
  • Clustering
  • Data Sets
  • Department Of Defense
  • Detection
  • Engineering
  • Game Theory
  • Guarantees
  • Information Security
  • Machine Learning
  • Materials
  • Models
  • Reasoning
  • Security
  • Software Development
  • Universities

Readers

  • Cybersecurity
  • Database Systems and Applications